DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-22 | CVE-2024-49209 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 | Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. | 4.3 |
2024-10-22 | CVE-2024-49210 | Cross-site Scripting vulnerability in Archerirm Archer | Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. | 6.1 |
2024-10-22 | CVE-2024-49211 | Cross-site Scripting vulnerability in Archerirm Archer | Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. | 6.1 |
2024-07-25 | CVE-2024-41705 | Cross-site Scripting vulnerability in Archerirm Archer | A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. | 5.4 |
2024-07-25 | CVE-2024-41706 | Cross-site Scripting vulnerability in Archerirm Archer | A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. | 5.4 |
2024-07-25 | CVE-2024-41707 | Cross-site Scripting vulnerability in Archerirm Archer | An issue was discovered in Archer Platform 6 before 2024.06. | 5.4 |
2023-12-12 | CVE-2023-48642 | Cross-site Scripting vulnerability in Archerirm Archer | Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. | 5.4 |
2023-10-17 | CVE-2023-45357 | Exposure of Resource to Wrong Sphere vulnerability in Archerirm Archer | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. | 6.5 |
2023-10-17 | CVE-2023-45358 | Cross-site Scripting vulnerability in Archerirm Archer | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. | 5.4 |
2023-07-14 | CVE-2023-32759 | Exposure of Resource to Wrong Sphere vulnerability in Archerirm Archer | An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | 6.5 |